Adding patchinfo patchinfo.20240711084522434926.255638743075857

This commit is contained in:
Adrian Schröter 2024-10-10 08:41:58 +02:00
parent 35304c4c80
commit 41ae917be9

View File

@ -0,0 +1,101 @@
<patchinfo>
<!-- generated from request(s) 339484, 338850, 342356 -->
<issue tracker="bnc" id="1221763">ptrace(PTRACE_ATTACH) fails on processes of the same user</issue>
<issue tracker="bnc" id="1222548">VUL-0: CVE-2024-2511: openssl-1_1,openssl-3:Unbounded memory growth with session handling in TLSv1.3</issue>
<issue tracker="bnc" id="1222899">[SECURITY] openSSL 3.1.x EC doesn't work with tpm2</issue>
<issue tracker="bnc" id="1223306">Userspace livepatch application fails: ulp: Unable to get section data.</issue>
<issue tracker="bnc" id="1223336">openssl-3: variations in openssl-3-debugsource</issue>
<issue tracker="bnc" id="1223428">SUSE:SLE-15-SP6:GA openssl-3 not livepatch enabled</issue>
<issue tracker="bnc" id="1224388">VUL-0: CVE-2024-4603: openssl-3: excessive time spent checking DSA keys and parameters</issue>
<issue tracker="bnc" id="1225291">[NetApp SLES15 SP6 Bug]: NVMe/TCP TLS connection fails due to handshake failure</issue>
<issue tracker="bnc" id="1225551">VUL-0: CVE-2024-4741: openssl-1_1,openssl-3: Use After Free with SSL_free_buffers</issue>
<issue tracker="bnc" id="1227138">VUL-0: CVE-2024-5535: openssl: SSL_select_next_proto buffer overread</issue>
<issue tracker="cve" id="2024-2511"/>
<issue tracker="cve" id="2024-4603"/>
<issue tracker="cve" id="2024-4741"/>
<issue tracker="cve" id="2024-5535"/>
<issue tracker="cve" id="2024-6119"/>
<issue tracker="bnc" id="1229465">VUL-0: EMBARGOED: CVE-2024-6119: openssl-3: possible denial of service in X.509 name checks</issue>
<issue tracker="bnc" id="1221365">[FIPS][OpenSSL-3] Service Level Indicator is needed</issue>
<issue tracker="bnc" id="1221760">[FIPS][OpenSSL-3] Selftests are required</issue>
<issue tracker="bnc" id="1221753">[FIPS][OpenSSL-3] Error state has to be enforced</issue>
<issue tracker="bnc" id="1220523">[FIPS][OpenSSL-3] Entropy Source </issue>
<issue tracker="bnc" id="1221786">[FIPS][OpenSSL-3] Use of non-Approved Elliptic Curves</issue>
<issue tracker="bnc" id="1221751">[FIPS][OpenSSL-3] The FIPS module shall provide an output possibility</issue>
<issue tracker="bnc" id="1221821">[FIPS][OpenSSL-3] FIPS Domain Parameters</issue>
<issue tracker="bnc" id="1221827">[FIPS][OpenSSL-3] Recommendation for Password-Based Key Derivation</issue>
<issue tracker="bnc" id="1221752">[FIPS][OpenSSL-3] Zeroisation is required</issue>
<issue tracker="bnc" id="1220690">[FIPS][OpenSSL-3] Primary DRBG for openssl needs to have prediction resistance enabled or it shall be reseeded every time before providing an output to the caller.</issue>
<issue tracker="bnc" id="1220693">[FIPS][OpenSSL-3] Add oversampling of the noise source to comply with requirements of NIST SP 800-90C.</issue>
<issue tracker="bnc" id="1220696">[FIPS][OpenSSL-3] Change CRNG buf size to align with output size of the Jitter RNG.</issue>
<issue tracker="bnc" id="1221824">[FIPS][OpenSSL-3] NIST SP 800-56Brev2</issue>
<issue tracker="bnc" id="1221787">[FIPS][OpenSSL-3] Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4</issue>
<issue tracker="bnc" id="1221822">[FIPS][OpenSSL-3] NIST SP 800-56Arev3</issue>
<issue tracker="bnc" id="1226463">algif_hash in kernel-obs-build causes an openssl-1_1 test failure</issue>
<issue tracker="gh" id="openssl/openssl#23448"/>
<issue tracker="gh" id="openssl/openssl#23456"/>
<packager>gbelinassi</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for openssl-3, libpulp, ulp-macros</summary>
<description>This update for openssl-3, libpulp, ulp-macros fixes the following issues:
openssl-3:
- CVE-2024-6119: possible denial of service in X.509 name checks (bsc#1229465)
- CVE-2024-5535: SSL_select_next_proto buffer overread (bsc#1227138)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers (bsc#1225551)
- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-2511: Fix unconstrained session cache growth in TLSv1.3 (bsc#1222548)
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365)
- FIPS: RSA keygen PCT requirements. (bsc#1221760, bsc#1221753)
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode. (bsc#1220523)
- FIPS: Port openssl to use jitterentropy (bsc#1220523)
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786)
- FIPS: Service Level Indicator (bsc#1221365)
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module. (bsc#1221751)
- FIPS: Add required selftests (bsc#1221760)
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821)
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827)
- FIPS: Zeroization is required (bsc#1221752)
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696)
- FIPS: NIST SP 800-56Brev2 (bsc#1221824)
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787)
- FIPS: Port openssl to use jitterentropy (bsc#1220523)
- FIPS: NIST SP 800-56Arev3 (bsc#1221822)
- FIPS: Error state has to be enforced (bsc#1221753)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- fix non-reproducible build issue
- Fix HDKF key derivation (bsc#1225291)
- Enable livepatching support (bsc#1223428)
libpulp:
- Update package with libpulp-0.3.5
* Change .so load policy from lazy to eager.
* Fix patch of references when mprotect is enabled.
* Fix tramposed calloc arguments.
* Fix crash of ulp packer on empty lines.
- Disabled ptrace_scope through aaa_base-enable-ptrace package (bsc#1221763).
- Update package with libpulp-0.3.4:
* Add debuginfo into ulp extract.
- Disabled ptrace_scope when building the package (bsc#1221763).
- Update package with libpulp-0.3.3:
* Fixed a race condition when process list is empty.
* Removed "Unable to get section data" error message (bsc#1223306).
* Bumped asunsafe_conversion attempts from 100 to 2000.
* Fixed banner test on clang-18.
* Check if ptrace_scope is enabled when attempting a ptrace operation (bsc#1221763).
- Update package with libpulp-0.3.1:
* Add timestamp information on `ulp patches`.
ulp-macros:
- Initial release.
</description>
<package>libpulp</package>
<package>openssl-3</package>
<package>ulp-macros</package>
<package>jitterentropy</package>
<seperate_build_arch/>
</patchinfo>